The default setting of JPDA_ADDRESS=8000 poses some security risk. In many corporate environments daily or weekly security scans are normal.
People, like me, sometimes forget to shutdown Tomcat in debug mode. Port 8000 is open to anyone.
Default JPDA_ADDRESS should be changed to localhost:8000 to minimize security scan reports and possible VM hijacks.
Since this is a breaking change, this can be done for Tomcat 8.

(In reply to Mark Thomas from comment #2)
> Or just change JPDA_ADDRESS back to 8000 in setenv.sh
>
> This has been applied to trunk and will be in 8.0.0-RC2 onwards. I'll also
> add a note to the migration page.
Looks good but your did leave out the catalina.bat and res/ide-support/netbeans/README.txt. Was that intentional? Though, I do not know how to port forward a port with RDP.

(In reply to Michael Osipov from comment #3)
> (In reply to Mark Thomas from comment #2)
> > Or just change JPDA_ADDRESS back to 8000 in setenv.sh
> >
> > This has been applied to trunk and will be in 8.0.0-RC2 onwards. I'll also
> > add a note to the migration page.
>
> Looks good but your did leave out the catalina.bat and
That was an oversight. I'll fix that shortly.
> res/ide-support/netbeans/README.txt. Was that intentional? Though, I do not
> know how to port forward a port with RDP.
netbeans I know nothing about.

(In reply to Mark Thomas from comment #4)
> [..]
> > res/ide-support/netbeans/README.txt. Was that intentional? Though, I do not
> > know how to port forward a port with RDP.
>
> netbeans I know nothing about.
This is a user guide. Nothing crucial but examples should resemble the catalina.sh settings.

This is ASF Bugzilla: the Apache Software Foundation bug system. In case
of problems with the functioning of ASF Bugzilla, please contact
bugzilla-admin@apache.org.
Please Note: this e-mail address is only for reporting problems
with ASF Bugzilla. Mail about any other subject will be silently
ignored.